In recent years, world governments have stepped up the job of protecting companies and consumers against poor information management.
Unfortunately, all this has done is kick up an awful lot of laws that are incredibly confusing, with regulations flying at companies from all directions.
Depending on which industry you are in, your enterprise may well be used to all the laws and the regulations or you may be new to it all.
Through the late 1990s into the early 2000s, the laws that govern privacy, security and accountability really came into their own, thanks partly to the likes of Enron and other high-profile security breaches, and partly due to the volume of sensitive and personal information that businesses store and transmit through channels that could be vulnerable.
At the heart of every regulation is one intention – the protection of confidentiality, availability and integrity of sensitive information that can have an impact on the shareholders of any corporation.
These regulations can be drilled down to their basic but essential goals:
- Establishing and implementing controls
- Maintaining, protecting and assessing compliance issues
- Identifying vulnerabilities and any deviations, along with remedial action
- Provision of reporting that can prove compliance with the regulations
Two of the main regulations that affect corporations today are SOX and HIPAA:
Otherwise known as the Sarbanes-Oxley Act, SOX is US congress legislation that was brought in to protect against fraud and poor accounting within the enterprise.
The Health Insurance Portability and Accountability Act 1993 is US legislation that provides for privacy of data and security for the safeguarding of medical data and information.
Whether we like it or not, IT is firmly in the spotlight when it comes to compliance and, all of a sudden, IT departments in all types of industry are being charged with ensuring compliance with the regulations.
The simple reason for that is because many of these regulations detail personal liability penalties for management and directors of the companies.
The big question is, where do you go to get the support that you need to make sure your company is compliant?
There is a range of software that provides point solutions for compliance but knowing where to begin is the most daunting issue.
So far, it is security and auditing specialists that have done most of the compliance interpretation. For example, for compliance with SOX in the large enterprise, many of the bigger accounting firms will supply most of the expertise needed while, in the small organizations, IT security consultants are used.
Unfortunately, IT security specialists and auditors tend to see these things from different points of view, so each enterprise has to decide whom to use based on its individual circumstances.